发表新帖
发表新帖

Android WebView SSL 'Security Warning'

前端 未结
关注
2 600
旧时难觅i
旧时难觅i 2021-01-11 23:52

I\'m building a test version of an app for a client. Part of this app uses a WebView that calls out to a SSL-based site. In turn, the client has provided a test domain where

相关标签:
2条回答
  • 攒了一身酷
    2021-01-12 00:19

    Create a WebViewClient and handle the onReceivedSslError which looks like this:

    public void onReceivedSslError (WebView view, SslErrorHandler handler, SslError error)

    Inside this callback you can just call handler.proceed() and the page will continue loading. If you don't handle this callback and call the proceed() method then the default behaviour will be for the page not to load.

    0 讨论(0)
  • 无人及你
    2021-01-12 00:20

    Updated answer according Google's new Security policy update for SSL Error Handler, please see this Android Developers Help Center article.

    For prevent rejection of application on Google Play for violating our Malicious Behavior policy.

    To properly handle SSL certificate validation, change your code to invoke SslErrorHandler.proceed() whenever the certificate presented by the server meets your expectations, and invoke SslErrorHandler.cancel() otherwise.

    For example, I add an alert dialog to make user have confirmed and seems Google no longer shows warning.

    @Override
public void onReceivedSslError(WebView view, final SslErrorHandler handler, SslError error) {
final AlertDialog.Builder builder = new AlertDialog.Builder(this);
 String message = "SSL Certificate error.";
    switch (error.getPrimaryError()) {
        case SslError.SSL_UNTRUSTED:
            message = "The certificate authority is not trusted.";
            break;
        case SslError.SSL_EXPIRED:
            message = "The certificate has expired.";
            break;
        case SslError.SSL_IDMISMATCH:
            message = "The certificate Hostname mismatch.";
            break;
        case SslError.SSL_NOTYETVALID:
            message = "The certificate is not yet valid.";
            break;
    }
    message += " Do you want to continue anyway?";

    builder.setTitle("SSL Certificate Error");
    builder.setMessage(message);

builder.setPositiveButton("continue", new DialogInterface.OnClickListener() {
    @Override
    public void onClick(DialogInterface dialog, int which) {
        handler.proceed();
    }
});
builder.setNegativeButton("cancel", new DialogInterface.OnClickListener() {
    @Override
    public void onClick(DialogInterface dialog, int which) {
        handler.cancel();
    }
});
final AlertDialog dialog = builder.create();
dialog.show();

    }

    0 讨论(0)
 看不清?
提交回复
热议问题